Author Topic: OHPE ver.4.12_23 another problem  (Read 1080 times)

Offline dethwish

OHPE ver.4.12_23 another problem
« on: May 02, 2006, 02:41:19 AM »
Hi, I'm another one with the same problem that everyone seems to be getting; here's a copy of my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:40:26 PM, on 5/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\dcomcfg.exe
E:\WINDOWS\system32\atmclk.exe
E:\Program Files\ABIT\ABIT uGuru\uGuru.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\DU Meter\DUMeter.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
E:\Program Files\Microsoft AntiSpyware\gcasServ.exe
E:\Program Files\Logitech\iTouch\iTouch.exe
E:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
E:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
E:\WINDOWS\system32\CTHELPER.EXE
E:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\DAEMON Tools\daemon.exe
C:\pstrip.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
E:\WINDOWS\system32\CTsvcCDA.exe
E:\Program Files\Executive Software\Diskeeper\DkService.exe
E:\Program Files\ewido anti-malware\ewidoctrl.exe
E:\WINDOWS\System32\GEARSec.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\3dmax8\mentalray\satellite\raysat_3dsmax8server.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\HJT\HijackThis.exe

O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - E:\WINDOWS\system32\hp7EE4.tmp
O4 - HKLM\..\Run: [GuruClock] E:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
O4 - HKLM\..\Run: [ABIT uGuru] E:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DU Meter] E:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] E:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] E:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] E:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PowerStrip] c:\pstrip.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.Email Removed.msn.com/resources/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37769AAD-7F6F-4266-828D-FC351E8070AF}: NameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3D00ADB-9663-4548-A319-31ADF38EBFB4}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{37769AAD-7F6F-4266-828D-FC351E8070AF}: NameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{37769AAD-7F6F-4266-828D-FC351E8070AF}: NameServer = 192.168.1.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - E:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - E:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\3dmax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Norton Ghost - Symantec Corporation - E:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

any help would be much appreciated :D

Offline guestolo

OHPE ver.4.12_23 another problem
« Reply #1 on: May 06, 2006, 10:52:05 AM »
Very sorry for the delay. If you still need a hand, can you please post a fresh HijackThis log?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline dethwish

OHPE ver.4.12_23 another problem
« Reply #2 on: May 08, 2006, 01:00:22 AM »
No worries about the delay; here's a new log:

Logfile of HijackThis v1.99.1
Scan saved at 3:58:00 PM, on 5/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\dcomcfg.exe
E:\WINDOWS\system32\atmclk.exe
E:\Program Files\ABIT\ABIT uGuru\uGuru.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\DU Meter\DUMeter.exe
E:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\Microsoft AntiSpyware\gcasServ.exe
E:\Program Files\Logitech\iTouch\iTouch.exe
E:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
E:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
E:\WINDOWS\system32\CTHELPER.EXE
E:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\DAEMON Tools\daemon.exe
C:\pstrip.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
E:\WINDOWS\system32\CTsvcCDA.exe
E:\Program Files\Executive Software\Diskeeper\DkService.exe
E:\Program Files\ewido anti-malware\ewidoctrl.exe
E:\WINDOWS\System32\GEARSec.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\3dmax8\mentalray\satellite\raysat_3dsmax8server.exe
E:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\System32\svchost.exe
E:\Documents and Settings\Dethwish's Den\Desktop\HijackThis.exe

O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - E:\WINDOWS\system32\hp9059.tmp
O4 - HKLM\..\Run: [GuruClock] E:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
O4 - HKLM\..\Run: [ABIT uGuru] E:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DU Meter] E:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] E:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] E:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] E:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PowerStrip] c:\pstrip.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.Email Removed.msn.com/resources/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37769AAD-7F6F-4266-828D-FC351E8070AF}: NameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3D00ADB-9663-4548-A319-31ADF38EBFB4}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{37769AAD-7F6F-4266-828D-FC351E8070AF}: NameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{37769AAD-7F6F-4266-828D-FC351E8070AF}: NameServer = 192.168.1.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - E:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - E:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\3dmax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Norton Ghost - Symantec Corporation - E:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

Offline guestolo

OHPE ver.4.12_23 another problem
« Reply #3 on: May 08, 2006, 08:41:02 AM »
I'm just on my way to work.
In the meantime, can I have you do a couple of things please?

You're controlling entries, it appears, with msconfig.
Although not a bad thing, it may cover up some bad entries that I may need to see.
Can you do the following please:
Go to start>>run>>type in msconfig
Hit OK
Under the Startup tab>>enable all
Ensure Normal startup is selected under the General tab
Apply it and Close
Do not restart the computer yet until I get a chance to see a new HijackThis log

Post back with a fresh hijackthis log

Also:
Please download SmitfraudFix (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.


Offline dethwish

OHPE ver.4.12_23 another problem
« Reply #4 on: May 08, 2006, 08:59:31 PM »
Thanks. Sorry, I had to restart my computer because it went spastic and opened over 50 copies of my Java program, bringing the computer to such a halt I couldn't even close the processes :( Anyway, I hope this is still all relevant; here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:58:00 PM, on 5/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\dcomcfg.exe
E:\WINDOWS\system32\atmclk.exe
E:\Program Files\ABIT\ABIT uGuru\uGuru.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\DU Meter\DUMeter.exe
E:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\Microsoft AntiSpyware\gcasServ.exe
E:\Program Files\Logitech\iTouch\iTouch.exe
E:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
E:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
E:\WINDOWS\system32\CTHELPER.EXE
E:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\DAEMON Tools\daemon.exe
C:\pstrip.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
E:\WINDOWS\system32\CTsvcCDA.exe
E:\Program Files\Executive Software\Diskeeper\DkService.exe
E:\Program Files\ewido anti-malware\ewidoctrl.exe
E:\WINDOWS\System32\GEARSec.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\3dmax8\mentalray\satellite\raysat_3dsmax8server.exe
E:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\System32\svchost.exe
E:\Documents and Settings\Dethwish's Den\Desktop\HijackThis.exe

O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - E:\WINDOWS\system32\hp9059.tmp
O4 - HKLM\..\Run: [GuruClock] E:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
O4 - HKLM\..\Run: [ABIT uGuru] E:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DU Meter] E:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] E:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] E:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] E:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PowerStrip] c:\pstrip.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.Email Removed.msn.com/resources/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37769AAD-7F6F-4266-828D-FC351E8070AF}: NameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3D00ADB-9663-4548-A319-31ADF38EBFB4}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{37769AAD-7F6F-4266-828D-FC351E8070AF}: NameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{37769AAD-7F6F-4266-828D-FC351E8070AF}: NameServer = 192.168.1.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - E:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - E:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\3dmax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Norton Ghost - Symantec Corporation - E:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

and here is the log for smitfraudfix:

SmitFraudFix v2.41

Scan done at 11:58:00.71, Tue 05/09/2006
Run from E:\Documents and Settings\Dethwish's Den\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» E:\


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32

E:\WINDOWS\system32\atmclk.exe FOUND !
E:\WINDOWS\system32\dcomcfg.exe FOUND !
E:\WINDOWS\system32\hp????.tmp FOUND !
E:\WINDOWS\system32\ld????.tmp FOUND !
E:\WINDOWS\system32\ot.ico FOUND !
E:\WINDOWS\system32\regperf.exe FOUND !
E:\WINDOWS\system32\simpole.tlb FOUND !
E:\WINDOWS\system32\stdole3.tlb FOUND !
E:\WINDOWS\system32\ts.ico FOUND !
E:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Dethwish's Den\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}"="Twain"

[HKEY_CLASSES_ROOT\CLSID\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}\InProcServer32]
@="E:\WINDOWS\system32\twain32.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}\InProcServer32]
@="E:\WINDOWS\system32\twain32.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

thanks so much for your help!
« Last Edit: May 08, 2006, 09:02:17 PM by dethwish »
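The two reports in this post describe the same infection from two angles: the HijackThis log shows what is running and what loads at startup (a BHO with no name pointing at a .tmp file in system32, and atmclk.exe and dcomcfg.exe among the running processes), while SmitfraudFix lists the file patterns it knows as "FOUND !". The script below is an added example, not code from the thread, from HijackThis or from SmitfraudFix: it parses the FOUND patterns (including SmitfraudFix's `?` wildcards and trailing-backslash directory entries) and flags every HijackThis line whose path matches one, plus any O2 entry loaded from a .tmp file. The sample input is a constructed excerpt of the lines posted above; `anything.exe` in the usage note is a hypothetical file name under the flagged 1024 directory.

```python
"""Cross-reference a HijackThis log against a SmitfraudFix "Search" report.

Added example for this thread (not code from HijackThis, SmitfraudFix or the
forum): it parses the file patterns SmitfraudFix marked "FOUND !" and flags
every HijackThis line (running process, O2/O4 entry, ...) whose path matches
one of them. Sample input is constructed from the lines quoted above.
"""
import re
from fnmatch import fnmatch

# Constructed excerpt of the HijackThis log posted above.
HJT_SAMPLE = r"""Running processes:
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\dcomcfg.exe
E:\WINDOWS\system32\atmclk.exe
E:\Program Files\DU Meter\DUMeter.exe

O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - E:\WINDOWS\system32\hp9059.tmp
O4 - HKLM\..\Run: [DU Meter] E:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O17 - HKLM\System\CCS\Services\Tcpip\..\{37769AAD-7F6F-4266-828D-FC351E8070AF}: NameServer = 192.168.1.254
"""

# Constructed excerpt of the SmitfraudFix report posted above. Section
# headers and registry dumps do not end in "FOUND !" and are ignored.
SMITFRAUD_SAMPLE = r"""E:\WINDOWS\system32\atmclk.exe FOUND !
E:\WINDOWS\system32\dcomcfg.exe FOUND !
E:\WINDOWS\system32\hp????.tmp FOUND !
E:\WINDOWS\system32\ld????.tmp FOUND !
E:\WINDOWS\system32\1024\ FOUND !
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"""

# A Windows path ending in an extension worth correlating. Paths may contain
# spaces ("E:\Program Files\..."), so stop at the first such extension.
_PATH = re.compile(r'[A-Za-z]:\\[^\r\n"]*?\.(?:exe|dll|tmp|tlb|ico)\b', re.IGNORECASE)


def parse_found(report: str) -> list[str]:
    """Return the path patterns that SmitfraudFix marked 'FOUND !'.

    Patterns keep SmitfraudFix's '?' single-character wildcards (hp????.tmp);
    a trailing backslash marks a whole directory (system32\1024\).
    """
    marker = "FOUND !"
    patterns = []
    for line in report.splitlines():
        line = line.strip()
        if line.endswith(marker):
            patterns.append(line[: -len(marker)].strip())
    return patterns


def matches_found(path: str, patterns: list[str]) -> bool:
    """Case-insensitive match of one path against the FOUND patterns."""
    p = path.lower()
    for pat in patterns:
        pat = pat.lower()
        if pat.endswith("\\"):
            if p.startswith(pat):      # anything inside a flagged directory
                return True
        elif fnmatch(p, pat):          # '?' wildcards as in hp????.tmp
            return True
    return False


def bho_from_tmp(line: str) -> bool:
    """True for an O2 (Browser Helper Object) entry loaded from a .tmp file.

    A BHO is a DLL Internet Explorer loads at start; a legitimate one does not
    live in a randomly named .tmp file under system32, which is exactly what
    the O2 line in the log above shows.
    """
    return line.startswith("O2 - ") and line.lower().endswith(".tmp")


def flag_entries(hjt_log: str, smitfraud_report: str) -> list[tuple[str, str]]:
    """Return (HijackThis line, reason) pairs for every entry that either
    references a file SmitfraudFix found or is a BHO loaded from a .tmp."""
    patterns = parse_found(smitfraud_report)
    hits = []
    for line in hjt_log.splitlines():
        line = line.strip()
        if not line:
            continue
        reason = None
        for path in _PATH.findall(line):
            if matches_found(path, patterns):
                reason = f"matches SmitfraudFix FOUND pattern: {path}"
                break
        if reason is None and bho_from_tmp(line):
            reason = "BHO loaded from a .tmp file"
        if reason:
            hits.append((line, reason))
    return hits


if __name__ == "__main__":
    for entry, why in flag_entries(HJT_SAMPLE, SMITFRAUD_SAMPLE):
        print(f"{why}\n    {entry}")
```

Run against the constructed samples it flags three lines: the two running processes (dcomcfg.exe, atmclk.exe) and the O2 BHO at hp9059.tmp, which matches the `hp????.tmp` pattern. The directory pattern `system32\1024\` is matched by prefix, so a hypothetical `E:\WINDOWS\system32\1024\anything.exe` would be flagged even though no such file name appears in the report; the same approach works on the full logs pasted in the thread.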

Offline guestolo

OHPE ver.4.12_23 another problem
« Reply #5 on: May 08, 2006, 09:29:01 PM »
==Download and install Windows CleanUp! 4.5.1
Don't run this yet
NOTE: If you have an older version of Windows CleanUp!, Please uninstall it and use this newer version

Open Ewido Anti-malware
From the main ewido screen, click on Update in the left menu, then click the Start update button.
Let it update and then close it, we will need it later

Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!


Please Disable "Microsoft AntiSpyware's" realtime protections so it won't interfere in any fixes we try.
Keep this disabled until we know you are clean
Open Microsoft AntiSpyware.
Click on Options>>Settings
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu
In safe mode

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done>>Click Close
DECLINE to Log off or Restart the computer

==Open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process.  A text file will appear onscreen, with results from the cleaning process
I'll need to see these later, by default they are also saved at C:\rapport.txt

If a reboot was required, reboot back to safe mode
If it wasn't required, remain in safe mode


==Open Ewido Anti-malware
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to the desktop or someplace you will remember
Exit Ewido
NOTE: When Ewido is running, don't open any other windows, let it run uninterrupted

I still need you to make sure you do the following:
Please make sure it is done
Go to start>>run>>type in
msconfig
Hit OK
Under the Startup tab>>enable all
Ensure Normal startup is selected under the General tab
Apply it and Close

Restart back to Normal mode

Back in Windows I need to see all the following logs

1. Run a Scan and save logfile with Hijackthis and post a fresh log
2. Post the whole report from Ewido
3. Post the contents of the log from Smitfraudfix>>Located here E:\rapport.txt

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline dethwish

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
OHPE ver.4.12_23 another problem
« Reply #6 on: May 09, 2006, 03:28:57 AM »
Thanks so much again for all your help mate!! So far after doing what you said I have had no problems at all :D here's a posting of the logs you were after...


Logfile of HijackThis v1.99.1
Scan saved at 6:27:46 PM, on 5/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\ABIT\ABIT uGuru\uGuru.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\DU Meter\DUMeter.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
E:\Program Files\Microsoft AntiSpyware\gcasServ.exe
E:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\Program Files\Logitech\iTouch\iTouch.exe
E:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
E:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
E:\WINDOWS\system32\CTHELPER.EXE
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
E:\WINDOWS\system32\CTsvcCDA.exe
E:\Program Files\Executive Software\Diskeeper\DkService.exe
E:\Program Files\ewido anti-malware\ewidoctrl.exe
E:\WINDOWS\System32\GEARSec.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\DAEMON Tools\daemon.exe
C:\3dmax8\mentalray\satellite\raysat_3dsmax8server.exe
E:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\pstrip.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Nokia\Tools\NclTray.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
E:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Nokia\PC Suite for N-Gage QD\connmngmntbox.exe
E:\Program Files\Nokia\PC Suite for N-Gage QD\ectaskscheduler.exe
E:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
E:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
E:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
E:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\WinRAR\WinRAR.exe
d:\temp\Rar$EX00.578\HijackThis.exe

O4 - HKLM\..\Run: [GuruClock] E:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
O4 - HKLM\..\Run: [ABIT uGuru] E:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DU Meter] E:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] E:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] E:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] E:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PowerStrip] c:\pstrip.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NVMixerTray] "E:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] E:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Nokia Tray Application] E:\Program Files\Common Files\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [DataLayer] E:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] E:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Steam] "C:\Installed Games\steam\Steam.exe" -silent
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCSuiteForNokiaN-Gage QD Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokiaN-Gage QD TS.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.Email Removed.msn.com/resources/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37769AAD-7F6F-4266-828D-FC351E8070AF}: NameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3D00ADB-9663-4548-A319-31ADF38EBFB4}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{37769AAD-7F6F-4266-828D-FC351E8070AF}: NameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{37769AAD-7F6F-4266-828D-FC351E8070AF}: NameServer = 192.168.1.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - E:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - E:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\3dmax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Norton Ghost - Symantec Corporation - E:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe



---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         6:07:31 PM, 5/9/2006
 + Report-Checksum:      48204851

 + Scan result:

   C:\Program Files\BraveSentry\BraveSentry0.dll -> Adware.Spysheriff : Cleaned with backup
   C:\Program Files\BraveSentry\BraveSentry1.dll -> Adware.Spysheriff : Cleaned with backup
   C:\Program Files\BraveSentry\BraveSentry2.dll -> Adware.Spysheriff : Cleaned with backup
   C:\Program Files\BraveSentry\BraveSentry3.dll -> Adware.Spysheriff : Cleaned with backup


::Report End





SmitFraudFix v2.41

Scan done at 17:26:04.73, Tue 05/09/2006
Run from E:\Documents and Settings\Dethwish's Den\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

E:\WINDOWS\system32\atmclk.exe Deleted
E:\WINDOWS\system32\dcomcfg.exe Deleted
E:\WINDOWS\system32\hp????.tmp Deleted
E:\WINDOWS\system32\ld????.tmp Deleted
E:\WINDOWS\system32\ot.ico Deleted
E:\WINDOWS\system32\regperf.exe Deleted
E:\WINDOWS\system32\simpole.tlb Deleted
E:\WINDOWS\system32\stdole3.tlb Deleted
E:\WINDOWS\system32\ts.ico Deleted
E:\WINDOWS\system32\1024\ Deleted
E:\DOCUME~1\DETHWI~1\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» End


thanks again!!
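The HijackThis and SmitFraudFix reports in this thread are read by eye, line by line. As an added example (not part of the original thread, and not code from HijackThis or the forum helpers), the Python below parses HijackThis-style O-lines and applies the first checks a helper makes when triaging such a log: registry entries whose target file is missing, O4 run entries that name the executable without a path (so it is resolved through the search path), O17 nameservers that are not on a private LAN range, and O23 services with no recorded publisher. It assumes the v1.99 line layout shown above. The sample lines are constructed: most mirror the kind of entries in the log posted here, and one O17 line with a made-up GUID and a documentation-range address (203.0.113.9) is invented so the nameserver check has something to report.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v1.99 log layout. The second O17 line
# (made-up GUID, 203.0.113.9 from the documentation address range) is
# invented so that the nameserver check has something to flag.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Steam] "C:\Installed Games\steam\Steam.exe" -silent
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{37769AAD-7F6F-4266-828D-FC351E8070AF}: NameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-1111-2222-3333-444444444444}: NameServer = 203.0.113.9
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\3dmax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
O4_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run: \[[^\]]*\] (.*)$")
NS_RE = re.compile(r"NameServer = (.+)$")

# Ranges a home/office LAN resolver normally lives in (RFC 1918 plus loopback).
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


@dataclass
class Entry:
    section: str                 # "O4", "O17", "O23", ...
    body: str                    # everything after "Oxx - "
    flags: list = field(default_factory=list)


def parse_hjt(text):
    """Return the O-line entries of a HijackThis log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def _command_image(command):
    """First token of an O4 command: the quoted path if quoted, else the first word."""
    m = re.match(r'^"([^"]+)"', command)
    return m.group(1) if m else command.split(" ", 1)[0]


def triage(text):
    """Apply the checks and return (section, flag, body) for every flagged entry."""
    entries = parse_hjt(text)
    for e in entries:
        # A registry reference whose file is gone is usually a leftover worth noting.
        if "(file missing)" in e.body:
            e.flags.append("file missing")
        # O4: an image given only by name is located through the search path.
        if e.section == "O4":
            m = O4_RE.match(e.body)
            if m and "\\" not in _command_image(m.group(1)):
                e.flags.append("bare executable name resolved via search path")
        # O17: a DNS server outside the LAN ranges deserves a second look.
        if e.section == "O17":
            m = NS_RE.search(e.body)
            if m:
                for ip in re.split(r"[ ,]+", m.group(1).strip()):
                    addr = ipaddress.ip_address(ip)
                    if not any(addr in net for net in LAN_NETS):
                        e.flags.append(f"nameserver outside LAN ranges: {ip}")
        # O23: a service with no publisher recorded.
        if e.section == "O23" and " - Unknown owner - " in e.body:
            e.flags.append("service with no publisher")
    return [(e.section, flag, e.body) for e in entries for flag in e.flags]


if __name__ == "__main__":
    for section, flag, body in triage(SAMPLE_LOG):
        print(f"{section:4} {flag}: {body}")
```

Run it on a saved log by reading the file into `triage()`; the flags are prompts for a closer look (the nvidia `nwiz.exe` entry and a legitimate ISP resolver will both show up), not verdicts, which is exactly how the helpers in this thread use the raw log.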

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
OHPE ver.4.12_23 another problem
« Reply #7 on: May 09, 2006, 09:03:58 AM »
Can you delete this folder if found please
 C:\Program Files\BraveSentry <-this folder

Final Cleanup
We should flush all your restore points to ensure you don't restore any nasties that may be sitting idle
    Go to START>>RUN>>In the open field
    Type in
msconfig
Click OK
Click the "Launch System Restore" button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
Back in Windows, Go back and take the check out of "Turn off system restore"
This will reenable the System Restore feature and create a new restore point

Protect yourself against Future Attacks
*Install SpywareBlaster 3.5.1 by JavaCool
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
                   
*Make sure your Anti-Virus software is always kept up to date and actively running in the background

*Make sure your Firewall is enabled and running
A Firewall is also very important
This provides a line of defense against someone who might try to access your computer without your permission

*Keep up to date on Windows updates (High Priorities)
This is the most important step in keeping your system secure
If not set to autoupdate, make sure to check for updates at least once a month!

You can reenable your realtime protections with Mic. anti-spyware if disabled earlier

Do you use either of these tools
Ad-Aware Se Personal 1.06 or Spybot 1.4?
If not, I can link you to them; I wouldn't be without them



Offline dethwish

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
OHPE ver.4.12_23 another problem
« Reply #8 on: May 09, 2006, 07:06:32 PM »
Thanks so much for your help, I'll do that now and download SpywareBlaster. I am using Ad-Aware and Spybot, and am also using a firewall and antivirus.

Thank you so much for your help!!!!!

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
OHPE ver.4.12_23 another problem
« Reply #9 on: May 09, 2006, 09:36:08 PM »
Good work, don't forget to also do the following
Open Spybot 1.4
Click on the Immunize button>>OK the prompt>>Immunize at the top green cross
Please do that after every update

I'll lock this topic as your problems appear resolved
Take care :)
